SAP Authorizations Authorization concept - user administration process - SAP Admin

Authorization concept - user administration process
Making the RESPAREA responsibility the organisational level
Access to tables and reports should be restricted. A general grant of permissions, such as for the SE16 or SA38 transaction, is not recommended. Instead, parameter or report transactions can help: they allow you to grant permissions only to specific tables or reports. You can maintain secondary authorization objects, such as S_TABU_NAM, in the proposal value maintenance.
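
As an added example (not part of the original page), the following Python code checks a role export for the generic table and report access that the paragraph above advises against. It assumes a semicolon-separated export with the AGR_1251 columns AGR_NAME, OBJECT, AUTH, FIELD, LOW and HIGH; the role names, the parameter transaction ZFI_T001_DISPLAY and all rows are constructed sample data.

```python
import csv
import io

# Constructed sample export (assumed layout: columns of table AGR_1251).
SAMPLE_EXPORT = """AGR_NAME;OBJECT;AUTH;FIELD;LOW;HIGH
Z_FI_CLERK;S_TCODE;T0001;TCD;SE16;
Z_FI_CLERK;S_TABU_DIS;T0002;ACTVT;03;
Z_FI_CLERK;S_TABU_DIS;T0002;DICBERCLS;*;
Z_FI_REPORT;S_TCODE;T0003;TCD;ZFI_T001_DISPLAY;
Z_FI_REPORT;S_TABU_NAM;T0004;ACTVT;03;
Z_FI_REPORT;S_TABU_NAM;T0004;TABLE;T001;
Z_MM_BATCH;S_TCODE;T0005;TCD;S*;
Z_MM_BATCH;S_TABU_NAM;T0006;ACTVT;03;
Z_MM_BATCH;S_TABU_NAM;T0006;TABLE;*;
"""

GENERIC_TCODES = ("SE16", "SA38")  # named on the page as too broad
TABLE_FIELDS = {"S_TABU_DIS": "DICBERCLS", "S_TABU_NAM": "TABLE"}


def covers(low, high, target):
    """True if an authorization value (single, pattern or range) includes target."""
    if high:                       # range LOW..HIGH, compared as strings
        return low <= target <= high
    if low.endswith("*"):          # trailing-wildcard pattern such as S*
        return target.startswith(low[:-1])
    return low == target


def find_generic_access(export_text):
    """Return sorted (role, finding) pairs for generic table/report access."""
    findings = set()
    for row in csv.DictReader(io.StringIO(export_text), delimiter=";"):
        role, obj, field = row["AGR_NAME"], row["OBJECT"], row["FIELD"]
        low, high = row["LOW"].strip(), row["HIGH"].strip()
        if obj == "S_TCODE" and field == "TCD":
            for tcode in GENERIC_TCODES:
                if covers(low, high, tcode):
                    findings.add((role, f"S_TCODE value '{low}' allows {tcode}"))
        elif TABLE_FIELDS.get(obj) == field and low == "*":
            findings.add((role, f"{obj} {field} = '*'"))
    return sorted(findings)


if __name__ == "__main__":
    for role, finding in find_generic_access(SAMPLE_EXPORT):
        print(f"{role}: {finding}")
```

The role Z_FI_REPORT, which combines a parameter transaction with S_TABU_NAM limited to one table, produces no finding.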

Authorization objects are defined with the help of transaction SU21. Each SAP transaction is equipped with the required authorization objects in SU24, which control access to specific functions within the respective program. Standard programs / transactions of an ERP system are already equipped with these objects during the initial installation. The same applies to other platforms such as CRM or Solution Manager.
Detect critical base permissions that should not be in application roles
When using encryption mechanisms, be sure to prevent access to the personal security environment (PSE) files in the server's file system and database. To do this, create your own table permission group for the SSF_PSE_D table and restrict programmes from accessing the /sec directory in the file system. For details on securing key tables, see SAP Note 1485029.

Existing log files are managed using the SM18 transaction. Here you can delete the log files in all active instances. This requires the indication of a minimum age in days for deletion. The smallest possible value is three days, without taking the current day into account in the calculation.

To access business objects or execute SAP transactions, a user requires appropriate authorizations, since business objects or transactions are protected by authorization objects.

Until now, users could only be selected by address data and permission data.